Physical security professionals once pulled out a shiny metallic “master key” whenever an employee accidentally locked himself out of an office. Today, however, employees are just as likely to lock themselves out of computer networks. Luckily, information security technology comes to the rescue with a product class called “single sign-on” (SSO for short), which can act as the master key that enables easy entry to all of a user’s files, applications and websites without the need to remember multiple passwords.
Single sign-on, while convenient, presents a unique security challenge to IT professionals. If (or when) a rogue employee learns the master password of a fellow employee, he or she gains immediate access to all the privileges and permissions that had been granted to that employee. This type of security hole has actually resulted in numerous unauthorized financial transactions and compromised corporate, private and government data.
The ActivIdentity Single Sign-On tool improves security by allowing organizations to automatically generate complex passwords that are less susceptible to theft, guessing and brute-force dictionary attacks than user-generated static passwords. This capability allows organizations to enforce strong security policies for individual applications while enabling simple and transparent user access. Instead of having to establish, remember and use a new risk-appropriate password for every application they want to access, users only need to log in when their system starts. This approach simplifies not only user access, but also user credential life cycle management. In addition, it minimizes password resets and other help desk tasks associated with lost or forgotten passwords.
When deployed with Zvetco Biometrics’ rugged, enterprise-grade biometric readers, ActivIdentity SecureLogin SSO further reduces help desk costs by enabling self-service emergency access and password resets for users who forget their password.
The Zvetco solution adds strong authentication capabilities to SecureLogin SSO by enforcing the use of a biometric and/or smart card to log in to workstations and to encrypt all user passwords.
But SSO does have one big drawback, and ironically, it is the same as its biggest strength: centralized access to password management. To prevent hackers from gaining password control, virtually all SSOs also support additional network security mechanisms, such as high encryption levels and use of a smart card, biometric or other technologies as supplemental ways of proving identity.
Meanwhile, organizations are also discovering that dealing with password issues can be expensive.
According to research by Enterprise Management Associates (EMA), password management costs in excess of $350 per year, on average, for every computer user in an organization. So, if an agency has 10,000 employees, it is shelling out $3.5 million annually just for assisting staffers who have lost or forgotten their passwords.
The fundamental dilemma organizations face is striking the fine balance between security and efficiency. While it would be much more efficient to maintain, for each user, a single password that is easy to remember and never changes, the security implications make it unwise and, in many cases, illegal. On the other hand, the most secure password would be one that is randomly generated, has no direct correlation to the individual user and changes frequently. The problem with more secure practices is that they would create passwords that are virtually impossible to remember, resulting in end users writing them down and/or involving the help desk for practically every change.
“In attempts to improve password security or to appease auditors, enterprises may introduce or update policies that demand more complex passwords and more frequent password changes and which allow fewer failed attempts. The harder the passwords are to remember, the more likely it is that users will write them down and place them in an easy-to-find location or store passwords on a PC or handheld device without encrypting them. The majority of users who don’t write down or store hard-to-remember passwords are more likely to call the help desk for password resets”.
Many organizations are looking for tools to help enforce stronger password policies in an effort to increase security and enable regulatory compliance. This only compounds the problem.
Another challenge is introduced when organizations have complex, multi-platform enterprises. While the majority of users will have a Windows™ login and password, any of those users who must access non-Windows resources – such as Linux/Unix systems, non-Windows applications or mainframes and databases – must also have a logon to those systems. However, typical rules for password length and complexity that apply to those systems are different from those applicable to Windows. Thus, the end user is left to create and remember a variety of passwords for a variety of systems, and those passwords may be on different expiration cycles.
According to Forrester:
“Password problems and resets generally constitute between 25% and 40% of total help desk incidents”.